constructive-starter-kits

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The documentation (references/pgpm-init.md and references/authoring-templates.md) explicitly instructs using --repo or a GitHub URL to pull custom boilerplate repositories (e.g., pgpm init --repo owner/repo), which means the skill fetches and consumes arbitrary public template content (untrusted/user-generated) that can alter scaffolding questions and outputs and thus materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes pgpm init with remote template repositories (e.g., constructive-io/pgpm-boilerplates and constructive-io/sandbox-templates, and even git URLs like https://github.com/owner/repo.git) which are fetched at runtime and supply .boilerplate.json/template files that directly control prompts and scaffolding (and can include executable content), so these remote repos are runtime dependencies that can alter agent instructions or execute code.